| ▲ | johnisgood 3 days ago | |||||||
Any thoughts on the use of strdupa()? I do not use it, but I wonder if that is dangerous too, considering it uses alloca(). | ||||||||
| ▲ | mananaysiempre 3 days ago | parent [-] | |||||||
I’ve been defending alloca() here, but no, strdupa() (not to be confused with shlwapi!StrDupA on Windows) is a bad idea. In cases that I think are acceptable, the size of the allocation is reasonably small and does not come from outside the program. Here you’re duplicating a string that you probably got somewhere else and don’t really control. That means you don’t really know if and when you’re going to overflow the stack, which is not a good position to be in. (Once upon a time, MSLU, a Microsoft-provided Unicode compatibility layer for Windows 9x, used stack-allocated buffers to convert strings from WTF-16 to the current 8-bit encoding. That was also a bad idea.) | ||||||||
| ||||||||